Update k8s sidecar image to non-root

SAP · Aug 8, 2024 · 3e5105f · 3e5105f
1 parent 8a5787b
commit 3e5105f
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 7 deletions.
diff --git a/k8s-sidecar/Dockerfile b/k8s-sidecar/Dockerfile
@@ -3,19 +3,18 @@ RUN apk --no-cache add bash jq
 RUN apk --no-cache add bash curl
 RUN apk --no-cache add bash tar
 
-
 WORKDIR /ams
 
 RUN adduser -D -u 443 amsnonroot
 RUN chown amsnonroot /ams
 
-COPY resources/opa.tar.gz /opa.tar.gz
-RUN tar -xzf /opa.tar.gz -C /bin/ --remove-files
+COPY resources/opa.tar.gz opa.tar.gz
+RUN tar -xzf opa.tar.gz -C /bin/ --remove-files
 RUN chown -R amsnonroot /bin
 RUN chmod +x /bin/opa
 
-COPY ./sidecar/start.sh .
-COPY ./sidecar/config-template.json .
+COPY k8s-sidecar/start.sh .
+COPY k8s-sidecar/config-template.json .
 
 USER amsnonroot
 

diff --git a/k8s-sidecar/start.sh b/k8s-sidecar/start.sh
@@ -19,4 +19,4 @@ jq -n --arg bundleUrl "$bundle_url" --arg iasCertPath "$ias_cert_path" --arg ias
 
 >&2 echo "INFO: " "$(cat config.yml)"
 
-opa run -s -c config.yml --set status.plugin=dcl --addr=[]:8181
+opa run -s -c config.yml --set status.plugin=dcl --addr=[]:8181 --disable-telemetry
diff --git a/pkg/supply/supply.go b/pkg/supply/supply.go
@@ -234,7 +234,7 @@ func (s *Supplier) writeLaunchConfig(cfg env.Config) error {
 		path.Join("/home", "vcap", "deps", s.Stager.DepsIdx(), "opa"),
 		path.Join("/home", "vcap", "deps", s.Stager.DepsIdx(), "opa_config.yml"),
 		cfg.LogLevel,
-		9888)
+		cfg.Port)
 	s.Log.Info("OPA start command: '%s'", cmd)
 	launchData := LaunchData{
 		[]Process{
Original file line number	Diff line number	Diff line change
Expand Up		@@ -19,4 +19,4 @@ jq -n --arg bundleUrl "$bundle_url" --arg iasCertPath "$ias_cert_path" --arg ias

		>&2 echo "INFO: " "$(cat config.yml)"

		opa run -s -c config.yml --set status.plugin=dcl --addr=[]:8181
		opa run -s -c config.yml --set status.plugin=dcl --addr=[]:8181 --disable-telemetry